On Mon, Apr 15, 2024 at 10:01:59PM +0200, Karel Lucas wrote: > They both give a syntax error by booting. > > Op 14-04-2024 om 17:45 schreef Zé Loff: > > pass in on $int_if proto udp to port 53 > > pass in on $int_if proto udp to $nameservers port 53
You're not giving us a lot to work with here. Off the top of my head, seeing that your int_if macro is a list of two interfaces, that may well be your problem (or one of them). The rule syntax is not really intended to deal with a list of interfaces following 'on'. It is likely more useful to treat the two interfaces separately. The other option - if your network layout is such that it makes sense to treat them to the same rule criteria - would be to make an interface group with both interfaces as members, then use the interface group name in your rules. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
